Re: [mod-security-users] mod_security-2.1.2 and Apache Segfault.. help
Brought to you by:
victorhora,
zimmerletw
From: Brian R. <Bri...@br...> - 2007-09-25 15:38:16
|
Additionally the output of 'httpd -V' would be good to have. thanks, -B Brian Rectanus wrote: > Why are you not using the latest 2.1.3? Have you tried that version? > > If you could get me a backtrace that would be great. Just send it to me > privately. See: http://httpd.apache.org/dev/debugging.html > > Also, please note any other modules you are loading/using. If you would > send your apache/modsec config that would be great as well. > > thanks, > -B > > hanj wrote: >> Hello All >> >> I'm running into a segfault issue with the latest upgrade to >> mod_sec-2.1.2. I just upgraded to apache-2.2 and mod_sec-2.1.2 >> lastnight, and I'm starting to see some files in /tmp that point to >> potential issues with mod_sec on my server. These files also correlate >> with Apache Seg Faults.. but nothing is in modsec_audit.log or >> modsec_debug.log with the time or unique ID. >> >> Any ideas how to isolate this? >> >> -rw------- 1 apache apache 0 Sep 24 05:31 >> 20070924-053156-98m3oUE9nXMAAFCnrIMAAAAR-file-pOVRWi >> -rw------- 1 apache apache 0 Sep 24 07:09 >> 20070924-070916-U@p580E9nXMAAA-hLHUAAAAH-file-h2Cyl1 >> -rw------- 1 apache apache 0 Sep 24 09:22 >> 20070924-092242-MRbbJEE9nXMAAD44ML0AAAAL-file-JMQDHo >> -rw------- 1 apache apache 91844 Sep 24 12:12 >> 20070924-121227-kCVsM0E9nXMAAA8ol@YAAAAB-file-CyyDMg >> -rw------- 1 apache apache 0 Sep 24 15:16 >> 20070924-151626-IiW5REE9nXMAAF1jIRcAAAAI-file-rICMwH >> -rw------- 1 apache apache 0 Sep 24 15:20 >> 20070924-152038-MTFiLkE9nXMAAFuzEoAAAAAD-file-qU2nn1 >> -rw------- 1 apache apache 0 Sep 24 15:23 >> 20070924-152306-OgI-QEE9nXMAAGBuXosAAAAP-file-0UQQLj >> -rw------- 1 apache apache 0 Sep 24 15:32 >> 20070924-153257-XTjscUE9nXMAAF09ZXoAAAAE-file-HVuOIJ >> -rw------- 1 apache apache 0 Sep 24 15:36 >> 20070924-153630-ad8ukEE9nXMAAGWqV1UAAAAH-file-gYpkuQ >> -rw------- 1 apache apache 0 Sep 24 15:41 >> 20070924-154146-fLp9@UE9nXMAAGXlHU8AAAAE-file-ayQ0Dv >> -rw------- 1 apache apache 0 Sep 24 16:05 >> 20070924-160501-z@rXBkE9nXMAAG5nSw4AAAAC-file-DO1pIs >> -rw------- 1 apache apache 0 Sep 24 16:05 >> 20070924-160524-0TzFm0E9nXMAAHH3zTEAAAAI-file-zllhVW >> -rw------- 1 apache apache 0 Sep 24 16:05 >> 20070924-160552-0u5C2kE9nXMAAGzKYCUAAAAP-file-J9rml7 >> -rw------- 1 apache apache 0 Sep 24 16:06 >> 20070924-160626-1PcBWEE9nXMAAHRL4cIAAAAE-file-mEkDl3 >> -rw------- 1 apache apache 0 Sep 24 16:06 >> 20070924-160650-1mZPQEE9nXMAAHS7xmQAAAAP-file-90G58M >> -rw------- 1 apache apache 0 Sep 24 16:07 >> 20070924-160727-2JrPCkE9nXMAAHUnP3sAAAAV-file-QsEarx >> -rw------- 1 apache apache 0 Sep 24 16:07 >> 20070924-160751-2gFapUE9nXMAAHUkPr8AAAAP-file-8VkCcv >> -rw------- 1 apache apache 0 Sep 24 16:08 >> 20070924-160835-3Kd2dkE9nXMAAHYSLHwAAAAC-file-iLI43Z >> -rw------- 1 apache apache 0 Sep 24 16:31 >> 20070924-163153-L-QWqUE9nXMAAH6C0-QAAAAT-file-V2pHMN >> -rw------- 1 apache apache 0 Sep 24 16:33 >> 20070924-163302-NB2oA0E9nXMAAH6Q-7oAAAAe-file-RGqSWk >> -rw------- 1 apache apache 0 Sep 24 16:35 >> 20070924-163556-Pm1RzUE9nXMAAH6bJwIAAAAo-file-ZrH22g >> -rw------- 1 apache apache 0 Sep 24 16:40 >> 20070924-164002-TRmK5UE9nXMAAARWPBEAAAAQ-file-yM89j7 >> -rw------- 1 apache apache 0 Sep 24 16:42 >> 20070924-164215-VQf-nUE9nXMAAAQippUAAAAL-file-doJPld >> -rw------- 1 apache apache 0 Sep 24 17:27 >> 20070924-172702-9Tt-PEE9nXMAABYzYpEAAAAE-file-z83cW6 >> -rw------- 1 apache apache 0 Sep 24 17:35 >> 20070924-173506-Eg92jkE9nXMAABJRGEIAAAAG-file-WeH8PQ >> -rw------- 1 apache apache 0 Sep 24 17:39 >> 20070924-173936-IijOhkE9nXMAABefSh0AAAAE-file-EXnO8b >> -rw------- 1 apache apache 0 Sep 24 17:41 >> 20070924-174119-KEZ@-EE9nXMAABqYM54AAAAK-file-Po5L06 >> >> >> >> [Mon Sep 24 05:31:57 2007] [notice] child pid 20647 exit signal >> Segmentation fault (11) >> [Mon Sep 24 07:09:17 2007] [notice] child pid 4065 exit signal >> Segmentation fault (11) >> [Mon Sep 24 09:22:43 2007] [notice] child pid 15928 exit signal >> Segmentation fault (11) >> [Mon Sep 24 12:12:29 2007] [notice] child pid 3880 exit signal >> Segmentation fault (11) >> [Mon Sep 24 15:16:27 2007] [notice] child pid 23907 exit signal >> Segmentation fault (11) >> [Mon Sep 24 15:20:39 2007] [notice] child pid 23475 exit signal >> Segmentation fault (11) >> [Mon Sep 24 15:23:07 2007] [notice] child pid 24686 exit signal >> Segmentation fault (11) >> [Mon Sep 24 15:32:57 2007] [notice] child pid 23869 exit signal >> Segmentation fault (11) >> [Mon Sep 24 15:36:30 2007] [notice] child pid 26026 exit signal >> Segmentation fault (11) >> [Mon Sep 24 15:41:46 2007] [notice] child pid 26085 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:05:03 2007] [notice] child pid 28263 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:05:24 2007] [notice] child pid 29175 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:05:53 2007] [notice] child pid 27850 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:06:28 2007] [notice] child pid 29771 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:06:51 2007] [notice] child pid 29883 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:07:28 2007] [notice] child pid 29991 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:07:51 2007] [notice] child pid 29988 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:08:35 2007] [notice] child pid 30226 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:31:53 2007] [notice] child pid 32386 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:33:03 2007] [notice] child pid 32400 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:35:56 2007] [notice] child pid 32411 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:40:02 2007] [notice] child pid 1110 exit signal >> Segmentation fault (11) >> [Mon Sep 24 16:42:16 2007] [notice] child pid 1058 exit signal >> Segmentation fault (11) >> [Mon Sep 24 17:27:03 2007] [notice] child pid 5683 exit signal >> Segmentation fault (11) >> [Mon Sep 24 17:35:07 2007] [notice] child pid 4689 exit signal >> Segmentation fault (11) >> [Mon Sep 24 17:39:36 2007] [notice] child pid 6047 exit signal >> Segmentation fault (11) >> [Mon Sep 24 17:41:19 2007] [notice] child pid 6808 exit signal >> Segmentation fault (11) >> >> The file that's not zero length is a JPG, so I tested uploads, and >> everything worked as expected. Not sure why I'm not seeing the unique >> ID in the logs. I did not have any problems with the older version >> ( apache-2.0.58-r2 / mod_security-2.1.1-r1 ). Unfortunately, rolling >> back will be a major pain. >> >> Here are my logging options: >> SecAuditEngine RelevantOnly >> SecAuditLogRelevantStatus "^[45]" >> SecAuditLogType Serial >> SecAuditLog /var/log/apache2/modsec_audit.log >> SecAuditLogParts "ABIFHZ" >> SecDebugLog /var/log/apache2/modsec_debug.log >> SecDebuLogLogLevel 3 >> >> The bottom line.. I'm unable to reproduce this. >> >> Thanks! >> hanj >> >> >> >> >> >> >> >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2005. >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users > > -- Brian Rectanus Breach Security |